Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

The request contains two IP address: 1 of the client and 1 append for cloudflare

satyr
Nimbostratus
Nimbostratus

‎19-Jul-2021 17:49

Hello

 

When my VS is invoked from Cloudflare, the header contains two ip addresses. I have identified that the first ip address of the header corresponds to the user that connects and the second ip address correspond to Cloudflare

¿Is it possible to insert only the ip address of the connecting user and remove the ip address from Cloudflare?

 

0691T00000CqdTJQAZ.png

Labels:
0 Kudos
8 REPLIES 8

Daniel_Wolf
Nacreous
Nacreous

‎19-Jul-2021 22:25

Hi satyr,

 

Cloudflare has another header you could use, see the article for True-Client-IP header:

Understanding the True-Client-IP Header

 

Enable this header and try to update your iRule like this:

when HTTP_REQUEST { HTTP::header insert X-Forwarded-For [HTTP::header value "True-Client-IP"] }

Let us know if this has solved your issue.

 

KR

Daniel

 

0 Kudos

satyr
Nimbostratus
Nimbostratus
In response to Daniel_Wolf

‎20-Jul-2021 09:03

Hello Daniel

 

Thanks for read my question

 

Let me do the test and I would confirm if the result was successful

 

0 Kudos

satyr
Nimbostratus
Nimbostratus
In response to satyr

‎21-Jul-2021 16:44

Hello Daniel

 

The problem persists, 2 ip's are seen and the page does not load at the application level

 

0 Kudos

Daniel_Wolf
Nacreous
Nacreous
In response to satyr

‎22-Jul-2021 04:28

Is there another device involved that could modify the X-Forwarded-For header? Either between Cloudflare and BIG-IP or BIG-IP and application server?

 

KR

Daniel

0 Kudos

Mayur_Sutare
MVP
MVP

‎19-Jul-2021 22:32

Does your application traffic flow is like given below ? -

 

Client --> CloudFlare --> F5 vServer --> Backend servers

 

If yes, then xff settings enabled under http profile mapped on the vServer is adding CF IP in the header. The original client IP in the header is added by CF itself. In this case, disabling xff settings under F5 http profile should help you. But this change/setting will be applicable for all the application urls which are on that vServer.

0 Kudos

satyr
Nimbostratus
Nimbostratus

‎20-Jul-2021 09:01

Hello Mayur

 

Thanks for read my question.

 

In this moment the traffic flow is: Cloudflare-->F5 Virtual Server-->Backen Servers

0 Kudos

satyr
Nimbostratus
Nimbostratus

‎22-Jul-2021 11:00

Hello Daniel

 

In this moment the traffic flow is: Cloudflare-->F5 Virtual Server--> Backend Servers

 

In the backend servers (httpd.conf archive), I have the following line to capture the remote ip address

 

LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" common

  SetEnvIf X-Forwarded-For "^.\..\..\.." forwarded

0 Kudos

Daniel_Wolf
Nacreous
Nacreous
In response to satyr

‎22-Jul-2021 13:07

Hallo Satyr,

 

you should add a log statement to the iRule or do a tcpdump in order to monitor whether the True-Client-IP Header contains two IP addresses or if the second IP is added by something else to the XFF header.

 

KR

Daniel

0 Kudos
Copyright © 2023 Khoros, LLC